Re: [Samba] Unknown panic actions
2009/10/22 Ralph Kutschera news2...@ecuapac.at: Michael Wood schrieb: Basically when a process crashes on Unix from a segmentation fault (or for a couple of other reasons) the operating system can take a snapshot of the memory of the process and write it to a core file. Whether the OS will actually do this is controlled by things like the RLIMIT_CORE which can be set with ulimit -c and in the case of Linux by some stuff in /proc. See http://kbase.redhat.com/faq/docs/DOC-4897 for more details. Ok. So I put the following into the startup script of the samba daemon and assume this works: ulimit -H -c unlimited echo /var/log/coredumps/core.%e.%p /proc/sys/kernel/core_pattern Nonetheless I'm getting no coredumps what makes me think about whether samba really crashes. Try adding in ulimit -S -c unlimited as well to change the soft limit. If it does, will it be restarted automatically? I couldn't find a reason for that within the Debian startup scripts. Ralph -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID - high need to lower it for a test user - active directory auth
2009/10/23 James Kosin james_ko...@cox.net: - Original Message - From: KJS li...@netzensolutions.com Newsgroups: linux.samba Sent: Thursday, October 22, 2009 9:00 AM Subject: Re: [Samba] UID - high need to lower it for a test user - active directory auth Hi Guys, I am having some problems with Active Directory users using a bit of software on our server, my AD users are authing via Winbind this works fine and the only difference I can see between a local user and an AD user is the fact the AD user has a MUCH higher UID, how can I create a user with a low UID to test this? I don't want to change them all yet as it might not be this that is causing the problem. Many Thanks, KJS What sort of problem are you having? The higher UID for non-local users is normal and shouldn't be touched in most cases. This is to keep the local UIDs different significantly from the ones that are not local. The only problem you may be having would be if you have a huge number of local users. In which case you would have to determine if it would be better to create all local account for everyone on the domain to keep from having problems. But, I seriously doubt this is the problem. If it's a wild goose chase it's my fault. He is having trouble with some commercial software when run by domain users instead of local users. The differences between them as far as I could tell are: The local users all have UIDs and primary group IDs 65536. The domain users all have UIDs and primary group IDs 65536. Also, the primary group name of the domain users is Domain Users. i.e. it has a space in it. Since traditionally UIDs and GIDs were 16 bit numbers, I thought it was possible that this commercial software somehow did not like the large UIDs/GIDs. Perhaps it would be easier to test a local user with a high UID and primary group ID to see if that also does not work. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old application very slow
Volker Lendecke schreef: On Thu, Oct 22, 2009 at 04:27:52PM +0200, Koenraad Lelong wrote: Koenraad Lelong schreef: Hi, I think I have a (temporary ?) solution : if I enable fake oplocks the application works fast. Since I was thinking of giving that application and it's database-files it's own share I think it will work. I don't like to give the other shares those fake oplocks. Comments ? If you guarantee that only one user will ever use that db simultaneously, you're probably fine. If you have multi-user access, fake oplocks will make the application eat your data. Volker Hi Volker, I know that, that's why I will give it a share of it's own. That application is write one/read many. Is there an explanation for the fact that when I run the application in dosemu on a linuxbox, the files are opened with an exclusive lock, while under regular Windows, the files are opened without locks ? And that's on the same share. Now that I think of it, I don't see any files opened with oplocks ! All my locking options are default. Why are there no oplocks ? Regards, Koenraad. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old application very slow
On Fri, Oct 23, 2009 at 09:43:05AM +0200, Koenraad Lelong wrote: Now that I think of it, I don't see any files opened with oplocks ! All my locking options are default. Why are there no oplocks ? Once more than one app opens a file r/w, or the same app opens a file twice, all oplocks are gone. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can SAMBA use ADS and files for Auth ?
Thanks Volker. Regards Andy -Original Message- From: Volker Lendecke [mailto:volker.lende...@sernet.de] Sent: 22 October 2009 15:23 To: Marr,A,Andy,DGE62 C Cc: samba@lists.samba.org Subject: Re: [Samba] Can SAMBA use ADS and files for Auth ? On Thu, Oct 22, 2009 at 03:13:10PM +0100, andy.m...@bt.com wrote: Cheers Volker I think I mean share level; The server is currently setup with security=share , using smbpasswd and assoicated files. I would like to keep those users but also join an AD and allow AD users also. That's not possible, sorry. You might want to play with virtual IP addresses and a second instance of the Samba server using security=ads or security=domain. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old application very slow
Volker Lendecke schreef: On Fri, Oct 23, 2009 at 09:43:05AM +0200, Koenraad Lelong wrote: Now that I think of it, I don't see any files opened with oplocks ! All my locking options are default. Why are there no oplocks ? Once more than one app opens a file r/w, or the same app opens a file twice, all oplocks are gone. Volker Hi, I was confused a while. I though no oplocks = unsafe. But then I realised that only that fake oplocks is unsafe. The fact that other files are not oplocked means the files are not cached by the user, so safe. Thanks for all your replies. Koenraad Lelong. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to automount password less samba share in linux ?
Hello, to use passwordless auth, use the guest option. You can find this option in the man page of cifs. Stef J. Bakshi wrote: Dear list, I have a password-less samba shared and it is used successfully from window PCs. I also like to make an auto-mount for linux pcs so that it can be used from linux boxes. To achieve this I have made an entry in /etc/fstab as ``` //192.168.1.1/shared /home/test/serverdisk cifs user,rw 0 0 As root I can mount it and see all the contents of remote folder. It though asked for a password but simply giving an *enter* at password prompt mount the shared folder successfully. But then non-root user can't write on there. If I try to mount it as a non-admin user it failed with the following error as `` mount serverdisk/ Password: mount error 1 = Operation not permitted Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) Here I did the same at password prompt i.e. simply pressing *enter* which worked as root ; but this time not !!! Have I missed anything or any special arrangement to follow as non-admin ? Need some enlightenment. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID - high need to lower it for a test user - active directory auth
If it's a wild goose chase it's my fault. He is having trouble with some commercial software when run by domain users instead of local users. The differences between them as far as I could tell are: The local users all have UIDs and primary group IDs 65536. The domain users all have UIDs and primary group IDs 65536. Also, the primary group name of the domain users is Domain Users. i.e. it has a space in it. Since traditionally UIDs and GIDs were 16 bit numbers, I thought it was possible that this commercial software somehow did not like the large UIDs/GIDs. Perhaps it would be easier to test a local user with a high UID and primary group ID to see if that also does not work. Perhaps, I guess create a user then usermod -u NUMBER login or just create a user and edit the /etc/passwd entry? I am running out of ideas so I am having to rule everything out... only other thing that is different is the location of the users home dir instead on /home/user its /home/DOMAIN/user. Thanks KJS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] TDB files and moving them
Is it possible to place my tdb files on another partition different from the one that samba is installed on? Can I do that from the .conf file? If so how? As you know the locking.tdb file can get rather large and I'd like to place that on a partition that has some more space then where my / is mounted. Thanks for your help! -- View this message in context: http://www.nabble.com/TDB-files-and-moving-them-tp25978039p25978039.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.4.2 centos with ldap 2.4.11 stucks - The workaround
Hi! As I said, I the smbd daemon stucks if you use Samba 3.4.2 on CentOS 5.3 with ldap 2.4.11. (You start the smb daemons, then you have to wait a few minutes before the daemon states waiting for connections and then after you try to connect to a network share the daemon stucks - all that behaviour when you use the local ldap) I found a workaround - if I use winbind nested groups=no then it works. Can someone give me a hint what is wrong? regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows does not ask for login details after first successful login
Hi All, I have installed Samba on RHEL and am able to access the shared folder from windows xp clients. However there seems to be a slight problem that I am facing. My XP box does not ask me for login credentials after the first time that I successfully login to my samba share. In other words, if one user has already logged in to the share from one xp box, performed his required operation and closed the window, then when another user tries to access the share from the same xp box, it does not ask him for any login credentials and directly opens up the folder of the previous user. This can be avoided only if I restart my system and start fresh. So, I feel there is some setting in the XP box that needs to be changed so that multiple users can login from the same xp box one after the other after succcessfully giving their userids and passwords. Hope I've made it clear. So could someone tell me what needs to be tweaked from xp end so that I can enable multiple logon from the same system (XP). Awaiting replies. With Regards Sanjith -- View this message in context: http://www.nabble.com/Windows-does-not-ask-for-login-details-after-first-successful-login-tp26004457p26004457.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] UID - high need to lower it for a test user - active directory auth
Hi Guys, I am having some problems with Active Directory users using a bit of software on our server, my AD users are authing via Winbind this works fine and the only difference I can see between a local user and an AD user is the fact the AD user has a MUCH higher UID, how can I create a user with a low UID to test this? I don't want to change them all yet as it might not be this that is causing the problem. Many Thanks, KJS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Just out of curiosity, do any of you have mdns4_minimal or mdsn4 in your /etc/nsswitch.conf file? I think mdns4 doesn't work too well and I usually take it out, but it was alive and well on these machines. Does removing those items help anyone? Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Thu, Oct 22, 2009 at 4:45 PM, Robert LeBlanc rob...@leblancnet.uswrote: I'm using 3.4.2 right now and I'm seeing a similar problem. We are using winbind to authenticate our users on our Linux cluster. The worker and interactive nodes are on a private subnet that is NATed to the local LAN. Two head nodes provide failover for the NATing. When failover is happening, winbind whacks out. The system is not unusable, but no authentication happens for about 30 minutes after the failover. I'm going to see if I can get iptables to share state between machines to help prevent this, but there needs to be a faster reconnection after domain controllers seem to be down. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Thu, Oct 22, 2009 at 1:55 AM, Clayton Hill ad...@ateamonsite.comwrote: Hi Jason, Yup you got the same problem - just going about it a sorta different way - ouch that must really suck having winbind\ADdomain own the account you are logged in as. bummer! My problem is slightly less serious as I am trying to use my local accounts (such as root) and I just use samba as a domain member to host files with AD ACLs in the filesystem permissions... but we see the same bug. because winbind (even caching) kills access to my local accounts. I hope this is fixed in 3.4 (I just installed it yesterday) I haven't had a chance to run the same test on 3.4 possibilities: winbind is not caching right to allow smooth operation when the DC is offline and the system is virtually locked up winbind doesnt know the moment it cant connect to the DC that it should really use cache or just buzz off and die somehow winbind may or may not connect back up to the DC immediately I need to play with parameters and see what the new winbind options in 3.4 do. I have been on 3.2 until yesterday. Thanks for the info on the bug report.. Cheers, -Clayton Jason Haar wrote: Just a FYI, but this looks an awful lot like the bug I reported months ago https://bugzilla.samba.org/show_bug.cgi?id=6103 Basically I'm running Fedora11 with no local accounts (beyond root) - relying on winbind. On occasion winbind appears to hang - and no local access works - including root - which shouldn't need winbind to succeed! Normally I have to reboot to fix, however if I was lucky enough for it to happen before my screensaver kicked in, then simply restarting winbind fixes the problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID - high need to lower it for a test user - active directory auth
2009/10/23 KJS li...@netzensolutions.com: If it's a wild goose chase it's my fault. He is having trouble with some commercial software when run by domain users instead of local users. The differences between them as far as I could tell are: The local users all have UIDs and primary group IDs 65536. The domain users all have UIDs and primary group IDs 65536. Also, the primary group name of the domain users is Domain Users. i.e. it has a space in it. Since traditionally UIDs and GIDs were 16 bit numbers, I thought it was possible that this commercial software somehow did not like the large UIDs/GIDs. Perhaps it would be easier to test a local user with a high UID and primary group ID to see if that also does not work. Perhaps, I guess create a user then usermod -u NUMBER login or just create a user and edit the /etc/passwd entry? Or: root:~# addgroup --gid 7 testgroup Adding group `testgroup' (GID 7) ... Done. root:~# adduser --uid 7 --gid 7 testuser Adding user `testuser' ... Adding new user `testuser' (7) with group `testgroup' ... Creating home directory `/home/testuser' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for testuser Enter the new value, or press ENTER for the default Full Name []: test Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [y/N] y root:~# id testuser uid=7(testuser) gid=7(testgroup) groups=7(testgroup) I am running out of ideas so I am having to rule everything out... only other thing that is different is the location of the users home dir instead on /home/user its /home/DOMAIN/user. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] map acl inherit stopped working
On 2009-10-22 19:23, Jeremy Allison wrote: On Thu, Oct 22, 2009 at 10:46:40AM +0200, Peter Rindfuss wrote: On 2009-10-22 01:36, Jeremy Allison wrote: OPk, this is where you log a bug on it with *exact* details on how to reproduce, and I fix it for you :-). Ok, I have added bug 6841: https://bugzilla.samba.org/show_bug.cgi?id=6841 Please let me know what else may be needed. Best, Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] inotify (was: ACL)
I'm trying to use samba to share some files with ACL. But when i create a new folder or file, I have to press F5 before I can see any change on the folder. For example: I create a new folder on a directory. But I can´t see it until i press F5 Someone knows how to fix it? Probably your Samba or kernel version is too old. This has nothing to do with ACLs. Either Samba isn't monitoring files for changes (upgrade Samba) or the required facility isn't available (kernel too old.) I think the code has been in the kernel for a long time, so probably a Samba upgrade is in order. FWIW I used to have this issue on Samba 3.0.x but not any more on 3.2.x. Cheers, Adam. --- The samba 3.0.x series displays new files fine, it has to do with kernel conflicts. For example, on one of our RHEL5.3 servers we are using the kernel 2.6.18-92.1.13.el5xen and Samba Version 3.0.31-SerNet-RedHat, and leaving inotify enabled causes runaway smb processes and spams log files that fill terabyte arrays. In order to stop this we had to specify kernel change notify = no in smb.conf, but newer kernel versions don't have this problem. As far as I am aware, this is also only an issue when files are created via a non-smb process (i.e. sftp, local cp, etc.) Newer kernel versions (i.e. 2.6.18-164.el5) work fine with Samba Version 3.0.33-3.14.el5, and if you create files locally they show up almost immediately on the client. -=Andrew Thankyou, there is some good info here and I even kinda understand... :) one question though, if I update samba what kind of issues might I have after that... I am sure I would have to re-start samba but would it mess with my very simple smb.conf file? Or would it mess with any permissions? One danger to updating samba versions is that they sometimes change the default options in the smb.conf file, and you will experience some strange behavior. Before updating samba, I would do a # testparm-v fullsmb.conf which will verbosely list all the default options so if something goes awry you can check back to make sure no defaults have changed. Also make sure that you are backing up the proper samba files. This is what my weekly backups look like (although you may not need to back it up as frequently): #!/bin/bash export DTYD=`date '+%y%m%d_%H'` mkdir /BACKUP/LOCATION/samba/samba_weekly_${DTYD} mkdir /BACKUP/LOCATION/samba/samba_weekly_${DTYD}/var_lib_samba mkdir /BACKUP/LOCATION/samba/samba_weekly_${DTYD}/var_cache_samba mkdir /BACKUP/LOCATION/samba/samba_weekly_${DTYD}/etc_samba cp -r /var/lib/samba/* /BACKUP/LOCATION/samba/samba_weekly_${DTYD}/var_lib_samba cp -r /var/cache/samba/* /BACKUP/LOCATION/samba/samba_weekly_${DTYD}/var_cache_samba cp -r /etc/samba/* /BACKUP/LOCATION/samba/samba_weekly_${DTYD}/etc_samba testparm -s -v /BACKUP/LOCATION/samba/0_support_files/smb.conf.FULL.${DTYD} unset DTYD -=Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] MDB database corruption
That is known and has been already dealt with. But i can't deny that the only thing i changed was my Linux and Samba version. I remember there were issues with the 3.0 series earlier on with MSAccess, but I haven't heard anything since 3.2. Try veto oplock files = /*.mdb/*.MDB/*.mde/*.MDE/*.accdb/*.ACCDB/*.ldb/*.LDB/ in your smb.conf Disabling oplocks DOES indeed cure the issue (no corruption since a couple of weeks)... but, unfortunately, it slows a little the response from the application. That is, i think, the best we can get. Thank you everyone for your suggestions. -- Francesco We ran into the same issue, but preferred stability to speed as well. ;-) I haven't had an issue with any other file type - only crapccess databases. -=Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba+ldap
Does this mean that my samba is ready to connect to LDAP server? r...@webdev # ./smbd -b |grep LDAP HAVE_LDAP_H HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SET_REBIND_PROC HAVE_LIBLDAP LDAP_SET_REBIND_PROC_ARGS r...@webdev # Thanks! Paras. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] map acl inherit stopped working
On Fri, Oct 23, 2009 at 05:43:51PM +0200, Peter Rindfuss wrote: On 2009-10-22 19:23, Jeremy Allison wrote: On Thu, Oct 22, 2009 at 10:46:40AM +0200, Peter Rindfuss wrote: On 2009-10-22 01:36, Jeremy Allison wrote: OPk, this is where you log a bug on it with *exact* details on how to reproduce, and I fix it for you :-). Ok, I have added bug 6841: https://bugzilla.samba.org/show_bug.cgi?id=6841 Please let me know what else may be needed. I'll take a look at this. Might take a few days though (still trying to get 3.4.3 out the door :-). Thanks a *lot* for the bug report ! Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to turn off PDC lookup
I noticed that I can have my computer ads join a domain even when I give a bad PDC. It seems to catch the bad pdc and find the correct PDC. Is there a way to turn this off? Not that I don't like the feature, but I would like to say use this pdc I give you, if you can't, then fail. Is this possible? Thanks, -- - Jeremiah Martell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba+ldap
mien has about the same, and connects to LDAP fine, so i think you are ready. [r...@missioncontrol BackupPC-3.2.0beta0]# smbd -b|grep LDAP HAVE_LDAP_H HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SASL_WRAPPING HAVE_LDAP_SET_REBIND_PROC HAVE_LIBLDAP LDAP_SET_REBIND_PROC_ARGS Paras pradhan wrote: Does this mean that my samba is ready to connect to LDAP server? r...@webdev # ./smbd -b |grep LDAP HAVE_LDAP_H HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SET_REBIND_PROC HAVE_LIBLDAP LDAP_SET_REBIND_PROC_ARGS r...@webdev # Thanks! Paras. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.3.4 very slow file access times
Jeremy Allison wrote: On Wed, Oct 21, 2009 at 05:17:27PM -0700, John Goubeaux wrote: There are *so many* changes between 2.2.x and 3.2.x and beyond it's not even possible to list them all :-). Jeremy. just diff all the changelogs :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba+ldap
Most mainstream Linux distros are compiling in LDAP support these days, no problem. Debian, Ubuntu, Fedora and SuSE are all compiling in LDAP in their standard packages, AFAIK. I'm not sure what BSDs are doing these days, but I'd bet they're the same way. On Fri 23/10/09 2:55 PM , Adam Williams wrote:mien has about the same, and connects to LDAP fine, so i think you are ready. [ BackupPC-3.2.0beta0]# smbd -b|grep LDAP HAVE_LDAP_H HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SASL_WRAPPING HAVE_LDAP_SET_REBIND_PROC HAVE_LIBLDAP LDAP_SET_REBIND_PROC_ARGS Paras pradhan wrote: Does this mean that my samba is ready to connect to LDAP server? # ./smbd -b |grep LDAP HAVE_LDAP_H HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SET_REBIND_PROC HAVE_LIBLDAP LDAP_SET_REBIND_PROC_ARGS # Thanks! Paras. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [4] - Message sent via Atmail Open - http://atmail.org/ Links: -- [4] http://dagda.tuxedo.darktech.org/parse.php?redirect=https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba+ldap
On Fri, Oct 23, 2009 at 2:07 PM, mor...@tuxedo.darktech.org wrote: Most mainstream Linux distros are compiling in LDAP support these days, no problem. Debian, Ubuntu, Fedora and SuSE are all compiling in LDAP in their standard packages, AFAIK. I'm not sure what BSDs are doing these days, but I'd bet they're the same way. I am under solaris 9 (ancient) platform. Now my compilation seems to be OK, now need to find ways to connect this to the sun ldap server. Any info on this will be a great help Thanks Paras. On Fri 23/10/09 2:55 PM , Adam Williams awill...@mdah.state.ms.us wrote: mien has about the same, and connects to LDAP fine, so i think you are ready. [r...@missioncontrol BackupPC-3.2.0beta0]# smbd -b|grep LDAP HAVE_LDAP_H HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SASL_WRAPPING HAVE_LDAP_SET_REBIND_PROC HAVE_LIBLDAP LDAP_SET_REBIND_PROC_ARGS Paras pradhan wrote: Does this mean that my samba is ready to connect to LDAP server? r...@webdev # ./smbd -b |grep LDAP HAVE_LDAP_H HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SET_REBIND_PROC HAVE_LIBLDAP LDAP_SET_REBIND_PROC_ARGS r...@webdev # Thanks! Paras. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Message sent via Atmail Open - http://atmail.org/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
I also see this in the syslog sometimes: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132286] rsync invoked oom-killer: gfp_mask=0x201d2, order=0, oomkilladj=0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132649] Pid: 6516, comm: rsync Not tainted 2.6.26-2-amd64 #1 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132916] Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132917] Call Trace: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133470] [802738c0] oom_kill_process+0x57/0x1dc Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133746] [8023b551] __capable+0x9/0x1c Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133993] [80273beb] badness+0x188/0x1c7 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.134245] [80273e1f] out_of_memory+0x1f5/0x28e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.140836] [80276b70] __alloc_pages_internal+0x31d/0x3bf Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141048] [80272d1c] generic_file_aio_read+0x3b7/0x4ae Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141279] [8029ae47] do_sync_read+0xc9/0x10c Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141472] [80246221] autoremove_wake_function+0x0/0x2e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141682] [8029b638] vfs_read+0xaa/0x152 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141864] [8029ba19] sys_read+0x45/0x6e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142046] [8020beca] system_call_after_swapgs+0x8a/0x8f Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142254] Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142376] Mem-info: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142511] Node 0 DMA per-cpu: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142662] CPU0: hi:0, btch: 1 usd: 0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142844] Node 0 DMA32 per-cpu: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142998] CPU0: hi: 186, btch: 31 usd: 173 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143183] Active:189862 inactive:179626 dirty:0 writeback:0 unstable:0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143184] free:3011 slab:7697 mapped:76 pagetables:1122 bounce:0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143592] Node 0 DMA free:6020kB min:32kB low:40kB high:48kB active:3012kB inactive:2676kB present:10724kB pages_scanned:9007 all_unreclaimable? yes Oct 23 13:09:35 lsbeast-i2 kernel: [74133.144711] lowmem_reserve[]: 0 1499 1499 1499 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.144894] Node 0 DMA32 free:6024kB min:4936kB low:6168kB high:7404kB active:756436kB inactive:715828kB present:1535136kB pages_scanned:626785 all_unreclaimable? no Oct 23 13:09:35 lsbeast-i2 kernel: [74133.145479] lowmem_reserve[]: 0 0 0 0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.145648] Node 0 DMA: 3*4kB 1*8kB 1*16kB 5*32kB 3*64kB 2*128kB 3*256kB 1*512kB 0*1024kB 0*2048kB 1*4096kB = 6020kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.146045] Node 0 DMA32: 162*4kB 28*8kB 9*16kB 7*32kB 1*64kB 1*128kB 0*256kB 1*512kB 0*1024kB 0*2048kB 1*4096kB = 6040kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.155603] 364394 total pagecache pages Oct 23 13:09:35 lsbeast-i2 kernel: [74133.155831] Swap cache: add 0, delete 0, find 0/0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.156064] Free swap = 0kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.156064] Total swap = 0kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 393200 pages of RAM Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 6902 reserved pages Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 2124 pages shared Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164247] 0 pages swap cached Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164396] Out of memory: kill process 5842 (winbindd) score 76798 or a child Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164850] Killed process 5847 (winbindd) Looks like winbind is running out of memory? Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 23, 2009 at 9:33 AM, Robert LeBlanc rob...@leblancnet.uswrote: Just out of curiosity, do any of you have mdns4_minimal or mdsn4 in your /etc/nsswitch.conf file? I think mdns4 doesn't work too well and I usually take it out, but it was alive and well on these machines. Does removing those items help anyone? Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Thu, Oct 22, 2009 at 4:45 PM, Robert LeBlanc rob...@leblancnet.uswrote: I'm using 3.4.2 right now and I'm seeing a similar problem. We are using winbind to authenticate our users on our Linux cluster. The worker and interactive nodes are on a private subnet that is NATed to the local LAN. Two head nodes provide failover for the NATing. When failover is happening, winbind whacks out. The system is not unusable, but no authentication happens for about 30 minutes after the failover. I'm going to see if I can get iptables to share state between machines to help prevent this, but there needs to be a faster reconnection after domain controllers seem to be down. Robert LeBlanc
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Here is a capture of top at the time: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 5842 root 20 0 873m 6912 4612 S 0.0 0.4 0:01.20 winbindd 5848 root 20 0 872m 3260 2272 S 0.0 0.2 0:00.08 winbindd 5849 root 20 0 872m 3640 2652 S 0.0 0.2 0:00.06 winbindd 5850 root 20 0 872m 3320 2200 S 0.0 0.2 0:00.06 winbindd 5859 root 20 0 874m 2684 1448 S 0.0 0.2 0:00.00 winbindd 5954 root 20 0 872m 3740 2284 S 0.0 0.2 0:00.02 winbindd 5955 root 20 0 872m 3804 2348 S 0.0 0.2 0:00.04 winbindd 6025 root 20 0 873m 15444 S 0.0 0.1 0:00.00 winbindd 6026 root 20 0 873m 15484 S 0.0 0.1 0:00.00 winbindd 6518 root 20 0 873m 5048 3476 S 0.0 0.3 0:00.00 winbindd 6576 root 20 0 873m 6228 4232 S 0.0 0.4 0:00.00 winbindd 5 root RT -5 000 S 0.0 0.0 0:00.00 watchdog/0 529 root 16 -4 21076 6320 S 0.0 0.0 0:00.16 udevd 6574 root 20 0 18824 1264 940 R 0.0 0.1 0:00.10 top 1761 root 20 0 5904 320 184 S 0.0 0.0 0:00.06 syslogd 1805 root 20 0 48868 720 216 S 0.0 0.0 0:00.00 sshd 5768 root 20 0 78572 916 200 S 0.0 0.1 0:00.14 sshd Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 23, 2009 at 1:17 PM, Robert LeBlanc rob...@leblancnet.uswrote: I also see this in the syslog sometimes: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132286] rsync invoked oom-killer: gfp_mask=0x201d2, order=0, oomkilladj=0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132649] Pid: 6516, comm: rsync Not tainted 2.6.26-2-amd64 #1 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132916] Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132917] Call Trace: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133470] [802738c0] oom_kill_process+0x57/0x1dc Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133746] [8023b551] __capable+0x9/0x1c Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133993] [80273beb] badness+0x188/0x1c7 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.134245] [80273e1f] out_of_memory+0x1f5/0x28e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.140836] [80276b70] __alloc_pages_internal+0x31d/0x3bf Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141048] [80272d1c] generic_file_aio_read+0x3b7/0x4ae Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141279] [8029ae47] do_sync_read+0xc9/0x10c Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141472] [80246221] autoremove_wake_function+0x0/0x2e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141682] [8029b638] vfs_read+0xaa/0x152 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141864] [8029ba19] sys_read+0x45/0x6e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142046] [8020beca] system_call_after_swapgs+0x8a/0x8f Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142254] Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142376] Mem-info: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142511] Node 0 DMA per-cpu: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142662] CPU0: hi:0, btch: 1 usd: 0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142844] Node 0 DMA32 per-cpu: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142998] CPU0: hi: 186, btch: 31 usd: 173 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143183] Active:189862 inactive:179626 dirty:0 writeback:0 unstable:0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143184] free:3011 slab:7697 mapped:76 pagetables:1122 bounce:0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143592] Node 0 DMA free:6020kB min:32kB low:40kB high:48kB active:3012kB inactive:2676kB present:10724kB pages_scanned:9007 all_unreclaimable? yes Oct 23 13:09:35 lsbeast-i2 kernel: [74133.144711] lowmem_reserve[]: 0 1499 1499 1499 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.144894] Node 0 DMA32 free:6024kB min:4936kB low:6168kB high:7404kB active:756436kB inactive:715828kB present:1535136kB pages_scanned:626785 all_unreclaimable? no Oct 23 13:09:35 lsbeast-i2 kernel: [74133.145479] lowmem_reserve[]: 0 0 0 0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.145648] Node 0 DMA: 3*4kB 1*8kB 1*16kB 5*32kB 3*64kB 2*128kB 3*256kB 1*512kB 0*1024kB 0*2048kB 1*4096kB = 6020kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.146045] Node 0 DMA32: 162*4kB 28*8kB 9*16kB 7*32kB 1*64kB 1*128kB 0*256kB 1*512kB 0*1024kB 0*2048kB 1*4096kB = 6040kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.155603] 364394 total pagecache pages Oct 23 13:09:35 lsbeast-i2 kernel: [74133.155831] Swap cache: add 0, delete 0, find 0/0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.156064] Free swap = 0kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.156064] Total swap = 0kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 393200 pages of RAM Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 6902 reserved pages Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 2124 pages shared Oct 23
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On Fri, Oct 23, 2009 at 01:19:46PM -0600, Robert LeBlanc wrote: Here is a capture of top at the time: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 5842 root 20 0 873m 6912 4612 S 0.0 0.4 0:01.20 winbindd 5848 root 20 0 872m 3260 2272 S 0.0 0.2 0:00.08 winbindd 5849 root 20 0 872m 3640 2652 S 0.0 0.2 0:00.06 winbindd 5850 root 20 0 872m 3320 2200 S 0.0 0.2 0:00.06 winbindd 5859 root 20 0 874m 2684 1448 S 0.0 0.2 0:00.00 winbindd 5954 root 20 0 872m 3740 2284 S 0.0 0.2 0:00.02 winbindd 5955 root 20 0 872m 3804 2348 S 0.0 0.2 0:00.04 winbindd 6025 root 20 0 873m 15444 S 0.0 0.1 0:00.00 winbindd 6026 root 20 0 873m 15484 S 0.0 0.1 0:00.00 winbindd 6518 root 20 0 873m 5048 3476 S 0.0 0.3 0:00.00 winbindd 6576 root 20 0 873m 6228 4232 S 0.0 0.4 0:00.00 winbindd 5 root RT -5 000 S 0.0 0.0 0:00.00 watchdog/0 529 root 16 -4 21076 6320 S 0.0 0.0 0:00.16 udevd 6574 root 20 0 18824 1264 940 R 0.0 0.1 0:00.10 top 1761 root 20 0 5904 320 184 S 0.0 0.0 0:00.06 syslogd 1805 root 20 0 48868 720 216 S 0.0 0.0 0:00.00 sshd 5768 root 20 0 78572 916 200 S 0.0 0.1 0:00.14 sshd Well 873m is a little excessive, even for virtual memory :-). That's a memory leak I'd guess. What winbindd version is this ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba+ldap
Paras pradhan wrote: On Fri, Oct 23, 2009 at 2:07 PM, mor...@tuxedo.darktech.org wrote: Most mainstream Linux distros are compiling in LDAP support these days, no problem. Debian, Ubuntu, Fedora and SuSE are all compiling in LDAP in their standard packages, AFAIK. I'm not sure what BSDs are doing these days, but I'd bet they're the same way. I am under solaris 9 (ancient) platform. Now my compilation seems to be OK, now need to find ways to connect this to the sun ldap server. Any info on this will be a great help Thanks Paras. in CentOS/Fedora you use nss_ldap, i'm not sure what solaris uses, maybe you can compile nss_ldap from source and setup /etc/ldap.conf and /etc/nsswitch.conf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
3.4.2 Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 23, 2009 at 1:23 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 01:19:46PM -0600, Robert LeBlanc wrote: Here is a capture of top at the time: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 5842 root 20 0 873m 6912 4612 S 0.0 0.4 0:01.20 winbindd 5848 root 20 0 872m 3260 2272 S 0.0 0.2 0:00.08 winbindd 5849 root 20 0 872m 3640 2652 S 0.0 0.2 0:00.06 winbindd 5850 root 20 0 872m 3320 2200 S 0.0 0.2 0:00.06 winbindd 5859 root 20 0 874m 2684 1448 S 0.0 0.2 0:00.00 winbindd 5954 root 20 0 872m 3740 2284 S 0.0 0.2 0:00.02 winbindd 5955 root 20 0 872m 3804 2348 S 0.0 0.2 0:00.04 winbindd 6025 root 20 0 873m 15444 S 0.0 0.1 0:00.00 winbindd 6026 root 20 0 873m 15484 S 0.0 0.1 0:00.00 winbindd 6518 root 20 0 873m 5048 3476 S 0.0 0.3 0:00.00 winbindd 6576 root 20 0 873m 6228 4232 S 0.0 0.4 0:00.00 winbindd 5 root RT -5 000 S 0.0 0.0 0:00.00 watchdog/0 529 root 16 -4 21076 6320 S 0.0 0.0 0:00.16 udevd 6574 root 20 0 18824 1264 940 R 0.0 0.1 0:00.10 top 1761 root 20 0 5904 320 184 S 0.0 0.0 0:00.06 syslogd 1805 root 20 0 48868 720 216 S 0.0 0.0 0:00.00 sshd 5768 root 20 0 78572 916 200 S 0.0 0.1 0:00.14 sshd Well 873m is a little excessive, even for virtual memory :-). That's a memory leak I'd guess. What winbindd version is this ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Ok, what does your smb.conf look like. What is the configured winbindd backend ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Robert, Thank you so much for your efforts! :-) Here is a timed output of a simple getfacl command with the DC powered off: HSA-PFX10101001:/etc/samba # time getfacl /tera getfacl: Removing leading '/' from absolute path names # file: /tera # owner: root # group: root user::rwx user:webadmin:rwx group::r-x group:webadmin:r-x group:2000512:rwx group:2000513:rwx mask::rwx other::r-- default:user::rwx default:group::r-x default:group:webadmin:r-x default:group:2000512:rwx default:group:2000513:rwx default:mask::rwx default:other::r-- real27m17.393s user0m0.036s sys 0m0.048s It took 30 minutes to run! Now here is the same command with winbind turned off: HSA-PFX10101001:/etc/samba # time getfacl /tera getfacl: Removing leading '/' from absolute path names # file: /tera # owner: root # group: root user::rwx user:webadmin:rwx group::r-x group:webadmin:r-x group:2000512:rwx group:2000513:rwx mask::rwx other::r-- default:user::rwx default:group::r-x default:group:webadmin:r-x default:group:2000512:rwx default:group:2000513:rwx default:mask::rwx default:other::r-- real0m0.012s user0m0.004s sys 0m0.008s Next I will do logging of the issue, log level 10 Cheers, -Clayton On Fri, 23 Oct 2009 14:34:45 -0600, Robert LeBlanc rob...@leblancnet.us wrote: 3.4.2 Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 23, 2009 at 1:23 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 01:19:46PM -0600, Robert LeBlanc wrote: Here is a capture of top at the time: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 5842 root 20 0 873m 6912 4612 S 0.0 0.4 0:01.20 winbindd 5848 root 20 0 872m 3260 2272 S 0.0 0.2 0:00.08 winbindd 5849 root 20 0 872m 3640 2652 S 0.0 0.2 0:00.06 winbindd 5850 root 20 0 872m 3320 2200 S 0.0 0.2 0:00.06 winbindd 5859 root 20 0 874m 2684 1448 S 0.0 0.2 0:00.00 winbindd 5954 root 20 0 872m 3740 2284 S 0.0 0.2 0:00.02 winbindd 5955 root 20 0 872m 3804 2348 S 0.0 0.2 0:00.04 winbindd 6025 root 20 0 873m 15444 S 0.0 0.1 0:00.00 winbindd 6026 root 20 0 873m 15484 S 0.0 0.1 0:00.00 winbindd 6518 root 20 0 873m 5048 3476 S 0.0 0.3 0:00.00 winbindd 6576 root 20 0 873m 6228 4232 S 0.0 0.4 0:00.00 winbindd 5 root RT -5 000 S 0.0 0.0 0:00.00 watchdog/0 529 root 16 -4 21076 6320 S 0.0 0.0 0:00.16 udevd 6574 root 20 0 18824 1264 940 R 0.0 0.1 0:00.10 top 1761 root 20 0 5904 320 184 S 0.0 0.0 0:00.06 syslogd 1805 root 20 0 48868 720 216 S 0.0 0.0 0:00.00 sshd 5768 root 20 0 78572 916 200 S 0.0 0.1 0:00.14 sshd Well 873m is a little excessive, even for virtual memory :-). That's a memory leak I'd guess. What winbindd version is this ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
I personally am using idmap rid - I wonder what Robert, and the fellow with the laptop who has the bug report has... Note: I will switch to idmap hash in the future.. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = TRUST2K8 realm = TRUST2K8.EDU server string = HSA-PFX10101001 - 10.10.1.154 interfaces = eth2 security = ADS map to guest = Bad User username map = /etc/samba/smbusers log file = /var/log/samba/log%m printcap name = /dev/null disable spoolss = Yes os level = 24 preferred master = Yes local master = No domain master = No idmap config TRUST2K8:range = 200 - 299 idmap config TRUST2K8:base_rid = 0 idmap config TRUST2K8:backend = rid idmap config IDONT:range = 100 - 199 idmap config IDONT:base_rid = 0 idmap config IDONT:backend = rid admin users = webadmin inherit acls = Yes map acl inherit = Yes printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j dos filemode = Yes [tera] comment = big un path = /tera valid users = webadmin, @TRUST2K8\domain admins, @TRUST2K8\domain users write list = webadmin, @TRUST2K8\domain admins, @TRUST2K8\domain users read only = No Cheers, -Clayton On Fri, 23 Oct 2009 13:45:29 -0700, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Ok, what does your smb.conf look like. What is the configured winbindd backend ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On Fri, Oct 23, 2009 at 2:45 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Ok, what does your smb.conf look like. What is the configured winbindd backend ? We have switched to hash for the increased flexibility. I have flushed the idmap cache and everything resolves perfectly when a DC is contactable. #=== Global Settings === [global] workgroup = byu realm = BYU.LOCAL preferred master = no server string = %h server dns proxy = no Debugging/Accounting log file = /cluster/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d ### Authentication ### security = ADS encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes invalid users = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes ## Printing ## load printers = no printing = bsd printcap name = /dev/null show add printer wizard = no disable spoolss = yes Misc socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # allow trusted domains = No # idmap backend = rid:BYU=1-1 # idmap config BYU:backend = rid # idmap config BYU:range = 1-1 # idmap uid = 1-1 # idmap gid = 1-1 idmap backend = hash winbind nss info = hash winbind use default domain = yes winbind separator = + winbind enum groups = no winbind enum users = no winbind nested groups = yes template homedir = /home/%U template shell = /bin/bash winbind refresh tickets = yes # use kerberos keytab = yes # kerberos method = system keytab # should work after bug is fixed winbind offline logon = yes #=== Share Definitions === Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
(Yes, I should upgrade Samba to 3.0.35). We're running the Sun provided Samba daemon (SUNWsmbau and friends) on Solaris 10 Generic_13-08 (sparc). Lots of Windows clients (mixed XP, 2003, 2008) hit this server and periodically we'll start seeing smbd processes begin piling up. These processes can't be killed with a normal kill -- only kill -9 will do the trick. In the past I've been working with the owners of these Windows machines to ensure scripts they use that hit our shares are written correctly. However, I started peeking at a lot of these smbd proceses and it seems like something is amiss perhaps on the Samba side. Here's the pertinent info on a randomly selected hung process: # truss -v all -aef -p 2506767 25067: *** SUID: ruid/euid/suid = 0 / 122 / 122 *** 25067: *** SGID: rgid/egid/sgid = 0 / 9 / 9 *** 25067: psargs: /usr/sfw/sbin/smbd -D 25067: fcntl(10, F_SETLKW64, 0xFFBFF6F8) (sleeping...) 25067: typ=F_WRLCK whence=SEEK_SET start=32412 len=1 sys=4245464 pid=0 What's FD 10 you ask? # pfiles -F 25067 10: S_IFREG mode:0644 dev:85,60 ino:4630 uid:0 gid:0 size:327680 O_RDWR|O_LARGEFILE advisory read lock set by process 21130 /var/samba/locks/brlock.tdb At this point, cued by another post on this list, I tried a tdbdump on /var/samba/locks/brlock.tdb. It completed without issue however. pstack output: # pstack -F 25067 25067: /usr/sfw/sbin/smbd -D ff049c64 fcntl(a, 23, ffbff6f8) ff0398c0 fcntl(a, 23, ffbff6f8, 7e9c, fee02a00, 18a564) + 18 002822e8 tdb_brlock (4c18e0, 7e9c, 2, 23, 0, 1) + 90 002825f0 tdb_lock (4c18e0, 1f7d, 2, 0, 20, 0) + 16c 0020982c (0, 6833f8, 1, 5cb1d0, 5cb1e0, 40c7d8) 00202d18 is_locked (6833f8, feff, 0, 40c7d8, 0, 0) + 280 00091820 reply_read_and_X (6ded80, 6be900, 3f, 6833f8, 2, 7) + 2d4 000d35ec (6be900, 69e4b0, 6be900, 3f, 2, 8e94) 000d3728 (9400, 6be900, 3f, 2, 9400, 0) 000d399c (69e4b0, 6be900, 4134a0, 6cc8, 40c7d8, 6c00) 000d4b78 smbd_process (6800, 40c7d8, 93a80, 20441, d, 0) + 1ec 00338f38 main (0, 43e110, 0, 41566c, 4175d4, 1) + 9cc 0004e118 _start (0, 0, 0, 0, 0, 0) + 108 The truss shows me that the signals are being received, but in all cases, the process goes back to the SETLKW64 call. /var/samba/locks is on a normal UFS filesystem. Now, clearly there are some patches that could be applied to this system, and I can upgrade Samba to 3.0.35, but I'm hoping someone out there will have an idea of what might be going on here. Why would this particular smbd process *not* be able to get a lock on the brlock.tdb file at a certain point, but subsequent smbd processes apparrently are (new connections to the server appear to be working OK)? And why wouldn't the SETLKW64 command eventually succeed? Would like to get this one figured out instead of just manually killing all the processes every couple weeks or so. Thanks much :) Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
On Fri, Oct 23, 2009 at 02:18:19PM -0700, Ray Van Dolson wrote: (Yes, I should upgrade Samba to 3.0.35). We're running the Sun provided Samba daemon (SUNWsmbau and friends) on Solaris 10 Generic_13-08 (sparc). Lots of Windows clients (mixed XP, 2003, 2008) hit this server and periodically we'll start seeing smbd processes begin piling up. These processes can't be killed with a normal kill -- only kill -9 will do the trick. Probably someone else is holding the same lock for some reason and is stuck in a file system syscall. Under Linux you would look at /proc/locks to find that info, no idea how to find the current lock holder under Solaris. You need to find that one and see what syscall that guy is stuck in. BTW, you don't happen to run something like samfs? Volker pgp6Rf0s0VXE9.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
On Fri, Oct 23, 2009 at 02:18:19PM -0700, Ray Van Dolson wrote: # pfiles -F 25067 10: S_IFREG mode:0644 dev:85,60 ino:4630 uid:0 gid:0 size:327680 O_RDWR|O_LARGEFILE advisory read lock set by process 21130 /var/samba/locks/brlock.tdb Ahhh. What does process 21130 do right now? Volker pgpaQszhczBYj.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
On Fri, Oct 23, 2009 at 02:41:46PM -0700, Volker Lendecke wrote: On Fri, Oct 23, 2009 at 02:18:19PM -0700, Ray Van Dolson wrote: # pfiles -F 25067 10: S_IFREG mode:0644 dev:85,60 ino:4630 uid:0 gid:0 size:327680 O_RDWR|O_LARGEFILE advisory read lock set by process 21130 /var/samba/locks/brlock.tdb Ahhh. What does process 21130 do right now? That is (was) the PID of the parent smbd process -- the one that spawns all others. Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
On Fri, Oct 23, 2009 at 02:37:15PM -0700, Volker Lendecke wrote: On Fri, Oct 23, 2009 at 02:18:19PM -0700, Ray Van Dolson wrote: (Yes, I should upgrade Samba to 3.0.35). We're running the Sun provided Samba daemon (SUNWsmbau and friends) on Solaris 10 Generic_13-08 (sparc). Lots of Windows clients (mixed XP, 2003, 2008) hit this server and periodically we'll start seeing smbd processes begin piling up. These processes can't be killed with a normal kill -- only kill -9 will do the trick. Probably someone else is holding the same lock for some reason and is stuck in a file system syscall. Under Linux you would look at /proc/locks to find that info, no idea how to find the current lock holder under Solaris. You need to find that one and see what syscall that guy is stuck in. I'm not sure how to do this either. Guess I could pfiles on every other PID on the system. I know there are other PID's also in the same state, trying to get what appears to be the same lock... BTW, you don't happen to run something like samfs? No SamFS on this environment. Volker Thanks! Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
On Fri, Oct 23, 2009 at 03:09:06PM -0700, Ray Van Dolson wrote: I'm not sure how to do this either. Guess I could pfiles on every other PID on the system. See my other mail, this looks like a good hint. BTW, you don't happen to run something like samfs? No SamFS on this environment. Or maybe re-exporting NFS? Volker pgpCrfpTThwXq.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Powerpoint file locking issue
Hello, We've been seeing a problem with Samba server 3.0.33-0.17 handling lock files for Microsoft Powerpoint 2007. The problem is observed in both Windows XP and Windows Vista. If a user opens an existing file, smbstatus looks like this: 1078111021 DENY_WRITE 0x2019f RDWR NONE /usr/test/dssg test1234ecg2.pptx Fri Oct 23 17:21:52 2009 1051711021 DENY_NONE 0x11RDONLY NONE /usr/test/dssg . Fri Oct 23 17:06:08 2009 1051711021 DENY_NONE 0x11RDONLY NONE /usr/test/dssg . Fri Oct 23 17:06:08 2009 1078111021 DENY_NONE 0x11RDONLY NONE /usr/test/dssg . Fri Oct 23 17:16:19 2009 1078111021 DENY_NONE 0x11RDONLY NONE /usr/test/dssg . Fri Oct 23 17:16:19 2009 1078111021 DENY_WRITE 0x3019f RDWR EXCLUSIVE+BATCH /usr/test/dssg ~$test1234ecg2.pptx Fri Oct 23 17:21:52 2009 Notice, there are both test1234ecg2.pptx and ~$test1234ecg2.pptx. If the user saves, once in awhile (some as often as 1 in 4, some more like 1 in 20 saves), they'll be told that the file is read-only and get offered to save as a new file name. When this happens, smbstatus only shows the ~$test1234ecg2.pptx version of the file. The only way out of this is to exit Powerpoint (after saving to a new name). Well, also you can remove the ~ version of the file from the UNIX side, but Windows won't let you do that. We have tried the following locking options (one at a time) in smb.conf without any of them helping: reset on zero vc = yes strict locking = yes locking = yes lock spin time = 1 It may not be relevant, but I'll add that the Samba servers sit on top of an OpenAFS share. I say it may not be relevant because I made a local share and got the same results (shown above), ruling out OpenAFS. Any advice would be appreciated. Thank you, Chris -- Eric Chris Garrison | Principal Mass Storage Specialist ecgar...@iupui.edu | Indiana University - Research Storage W: 317-278-1207 M: 317-250-8649 | Jabber IM: ecgar...@iupui.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
On Fri, Oct 23, 2009 at 02:56:48PM -0700, Ray Van Dolson wrote: On Fri, Oct 23, 2009 at 02:41:46PM -0700, Volker Lendecke wrote: On Fri, Oct 23, 2009 at 02:18:19PM -0700, Ray Van Dolson wrote: # pfiles -F 25067 10: S_IFREG mode:0644 dev:85,60 ino:4630 uid:0 gid:0 size:327680 O_RDWR|O_LARGEFILE advisory read lock set by process 21130 /var/samba/locks/brlock.tdb Ahhh. What does process 21130 do right now? That is (was) the PID of the parent smbd process -- the one that spawns all others. Really? Ok, that might be the CLEAR_IF_FIRST indicator lock. That's probably not the one your problem smbd blocks on. Solaris *must* have a way to figure out who is holding an fcntl lock others want Volker pgp2j4jT2wunn.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
On Fri, Oct 23, 2009 at 03:15:59PM -0700, Volker Lendecke wrote: On Fri, Oct 23, 2009 at 03:09:06PM -0700, Ray Van Dolson wrote: I'm not sure how to do this either. Guess I could pfiles on every other PID on the system. See my other mail, this looks like a good hint. BTW, you don't happen to run something like samfs? No SamFS on this environment. Or maybe re-exporting NFS? Hmm, yes, there is some of that. I guess I was thrown off by the fact that the lock appeared to be on the .tdb file and the .tdb file wouldn't be accessed by any NFS client. Could another process be holding the lock on the .tdb file while it waits for access to the underlying file within the requested share? Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
On Fri, Oct 23, 2009 at 03:19:03PM -0700, Ray Van Dolson wrote: Hmm, yes, there is some of that. I guess I was thrown off by the fact that the lock appeared to be on the .tdb file and the .tdb file wouldn't be accessed by any NFS client. Could another process be holding the lock on the .tdb file while it waits for access to the underlying file within the requested share? That's exactly what I'm thinking. An smbd holding the brlock.tdb lock, waiting for pread while your NFS server has gone to lunch. Volker pgpeHeLhp4qR8.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
On Fri, Oct 23, 2009 at 03:21:35PM -0700, Volker Lendecke wrote: On Fri, Oct 23, 2009 at 03:19:03PM -0700, Ray Van Dolson wrote: Hmm, yes, there is some of that. I guess I was thrown off by the fact that the lock appeared to be on the .tdb file and the .tdb file wouldn't be accessed by any NFS client. Could another process be holding the lock on the .tdb file while it waits for access to the underlying file within the requested share? That's exactly what I'm thinking. An smbd holding the brlock.tdb lock, waiting for pread while your NFS server has gone to lunch. Volker I bet you're right. So theoretically if I figure out how to track down that lock, it is likely held by my NFS server... Hrm. But would it make sense that other smbd processes are apparently still accessing brlock.tdb OK for different files? My low level understanding of the locking is lacking a bit. :) Anyways, I'm guessing if this turns out to be NFS related as we suspect, the only fix is to _not_ share with NFS. :) Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
On Fri, Oct 23, 2009 at 03:28:18PM -0700, Ray Van Dolson wrote: I bet you're right. So theoretically if I figure out how to track down that lock, it is likely held by my NFS server... No, the NFS server is not holding a lock. Hrm. But would it make sense that other smbd processes are apparently still accessing brlock.tdb OK for different files? Yes, there can be many concurrent accesses to brlock.tdb to different hash chains. My low level understanding of the locking is lacking a bit. :) Anyways, I'm guessing if this turns out to be NFS related as we suspect, the only fix is to _not_ share with NFS. :) You need to find the one holding the lock the others are waiting for and see what that guy is blocking on. Everything else is pure speculation. Volker pgpmsqF86Hg3t.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb locking issue - Solaris 10 and Samba 3.0.33
On Fri, Oct 23, 2009 at 03:34:29PM -0700, Volker Lendecke wrote: You need to find the one holding the lock the others are waiting for and see what that guy is blocking on. Everything else is pure speculation. It appears mdb is what I want to use. See this[1] page if anyone is curious. Unfortunately, I kill -9'd one of the processes that was hung. As a result the parent died and all its children, so the fouled up environment I was in is now gone. I'll wait for this to reoccur and then see if I can track down the culprit. Thanks for the guidance, Ray [1] http://utcc.utoronto.ca/~cks/space/blog/solaris/ListingFileLocks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Ok folks, Got ya some log level 10 of this fun stuff.. Steps: First everything is normal. DCs are up. Log level 10 is set. I run wbinfo -t I run net ads info I run net ads testjoin then I bring the DC down. Now I run time getfacl /xymount/tera HSA-PFX10101001:/var/log/samba # time getfacl /xymount/tera getfacl: Removing leading '/' from absolute path names # file: xymount/tera # owner: root # group: root user::rwx user:webadmin:rwx group::r-x group:webadmin:r-x group:2000512:rwx group:2000513:rwx mask::rwx other::r-- default:user::rwx default:group::r-x default:group:webadmin:r-x default:group:2000512:rwx default:group:2000513:rwx default:mask::rwx default:other::r-- real29m10.058s user0m0.020s sys 0m0.008s Then I bring the DCs back up then I run again getfacl /xymount/tera All is well - winbind recovered after the DCs were back up. This must be because Im on 3.4.2 now instead of 3.2.X or earlier which would not recover quickly after the DCs were back. LOGS here: ftp://djfuq.org/logs10.tar Cheers, -Clayton On Fri, 23 Oct 2009 14:51:03 -0600, Robert LeBlanc rob...@leblancnet.us wrote: On Fri, Oct 23, 2009 at 2:45 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Ok, what does your smb.conf look like. What is the configured winbindd backend ? We have switched to hash for the increased flexibility. I have flushed the idmap cache and everything resolves perfectly when a DC is contactable. #=== Global Settings === [global] workgroup = byu realm = BYU.LOCAL preferred master = no server string = %h server dns proxy = no Debugging/Accounting log file = /cluster/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d ### Authentication ### security = ADS encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes invalid users = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes ## Printing ## load printers = no printing = bsd printcap name = /dev/null show add printer wizard = no disable spoolss = yes Misc socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # allow trusted domains = No # idmap backend = rid:BYU=1-1 # idmap config BYU:backend = rid # idmap config BYU:range = 1-1 # idmap uid = 1-1 # idmap gid = 1-1 idmap backend = hash winbind nss info = hash winbind use default domain = yes winbind separator = + winbind enum groups = no winbind enum users = no winbind nested groups = yes template homedir = /home/%U template shell = /bin/bash winbind refresh tickets = yes # use kerberos keytab = yes # kerberos method = system keytab # should work after bug is fixed winbind offline logon = yes #=== Share Definitions === Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Doh! wrong protocol for logs! lol here is the right link: http://djfuq.org/logs10.tar have alot of fun -Clayton On Fri, 23 Oct 2009 17:33:15 -0600, ad...@ateamonsite.com wrote: Ok folks, Got ya some log level 10 of this fun stuff.. Steps: First everything is normal. DCs are up. Log level 10 is set. I run wbinfo -t I run net ads info I run net ads testjoin then I bring the DC down. Now I run time getfacl /xymount/tera HSA-PFX10101001:/var/log/samba # time getfacl /xymount/tera getfacl: Removing leading '/' from absolute path names # file: xymount/tera # owner: root # group: root user::rwx user:webadmin:rwx group::r-x group:webadmin:r-x group:2000512:rwx group:2000513:rwx mask::rwx other::r-- default:user::rwx default:group::r-x default:group:webadmin:r-x default:group:2000512:rwx default:group:2000513:rwx default:mask::rwx default:other::r-- real29m10.058s user0m0.020s sys 0m0.008s Then I bring the DCs back up then I run again getfacl /xymount/tera All is well - winbind recovered after the DCs were back up. This must be because Im on 3.4.2 now instead of 3.2.X or earlier which would not recover quickly after the DCs were back. LOGS here: ftp://djfuq.org/logs10.tar Cheers, -Clayton On Fri, 23 Oct 2009 14:51:03 -0600, Robert LeBlanc rob...@leblancnet.us wrote: On Fri, Oct 23, 2009 at 2:45 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Ok, what does your smb.conf look like. What is the configured winbindd backend ? We have switched to hash for the increased flexibility. I have flushed the idmap cache and everything resolves perfectly when a DC is contactable. #=== Global Settings === [global] workgroup = byu realm = BYU.LOCAL preferred master = no server string = %h server dns proxy = no Debugging/Accounting log file = /cluster/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d ### Authentication ### security = ADS encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes invalid users = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes ## Printing ## load printers = no printing = bsd printcap name = /dev/null show add printer wizard = no disable spoolss = yes Misc socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # allow trusted domains = No # idmap backend = rid:BYU=1-1 # idmap config BYU:backend = rid # idmap config BYU:range = 1-1 # idmap uid = 1-1 # idmap gid = 1-1 idmap backend = hash winbind nss info = hash winbind use default domain = yes winbind separator = + winbind enum groups = no winbind enum users = no winbind nested groups = yes template homedir = /home/%U template shell = /bin/bash winbind refresh tickets = yes # use kerberos keytab = yes # kerberos method = system keytab # should work after bug is fixed winbind offline logon = yes #=== Share Definitions === Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 23, 2009 at 1:23 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 01:19:46PM -0600, Robert LeBlanc wrote: Here is a capture of top at the time: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 5842 root 20 0 873m 6912 4612 S 0.0 0.4 0:01.20 winbindd 5848 root 20 0 872m 3260 2272 S 0.0 0.2 0:00.08 winbindd 5849 root 20 0 872m 3640 2652 S 0.0 0.2 0:00.06 winbindd 5850 root 20 0 872m 3320 2200 S 0.0 0.2 0:00.06 winbindd 5859 root 20 0 874m 2684 1448 S 0.0 0.2 0:00.00 winbindd 5954 root 20 0 872m 3740 2284 S 0.0 0.2 0:00.02 winbindd 5955 root 20 0 872m 3804 2348 S 0.0 0.2 0:00.04 winbindd 6025 root 20 0 873m 1544 4 S 0.0 0.1 0:00.00 winbindd 6026 root 20 0 873m 1548 4 S 0.0 0.1 0:00.00 winbindd 6518 root 20 0 873m 5048 3476 S 0.0 0.3 0:00.00 winbindd 6576 root 20 0 873m 6228 4232 S 0.0 0.4 0:00.00 winbindd 5 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/0 529 root 16 -4 21076 632 0 S 0.0 0.0 0:00.16 udevd 6574 root 20 0 18824 1264 940 R 0.0 0.1 0:00.10 top 1761 root 20 0 5904 320 184 S 0.0 0.0 0:00.06 syslogd 1805 root 20 0 48868 720 216 S 0.0 0.0 0:00.00 sshd 5768 root 20 0 78572 916 200 S 0.0 0.1 0:00.14 sshd Well 873m is a little excessive, even for virtual memory :-). That's a memory leak I'd guess. What winbindd version is this ? Ok, can you get a message pool usage dump by doing: smbcontrol pid pool-usage on one of the monstrous winbindd processes please ? Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Why Windows don´t found my user root
Hello Before I want thank for all, in special for Miguel Medalha for have show me the link http://www.samba.org/samba/docs/man/Samba-Guide/happy.html and for all that awnser my lasts posts , I get start the process smbd :-) but I though don´t get add a machine in domain samba show this message *Error while a attempt of entry on domain amblivre.com Not is possible find user name,* in this case I am using user Root for add machine in domain. The machine is Windows XP with service pack 3 , there is some configuration for apply on Windows XP for know domain Samba ? I pasted the out of process slapd at moment that I try add machine in domain , I don´t found nothing related to the problem , somebody have any idea about this problem ? , conn=0 fd=12 ACCEPT from IP=127.0.0.1:50092 (IP=0.0.0.0:389) conn=0 op=0 BIND dn=cn=adm,dc=amblivre,dc=com method=128 conn=0 op=0 BIND dn=cn=adm,dc=AMBLIVRE,dc=COM mech=SIMPLE ssf=0 conn=0 op=0 RESULT tag=97 err=0 text= conn=0 op=1 SRCH base= scope=0 deref=0 filter=(objectClass=*) conn=0 op=1 SRCH attr=supportedControl conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=0 op=2 SRCH base=dc=amblivre,dc=com scope=2 deref=0 filter=((uid=root)(objectClass=sambaSamAccount)) conn=0 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=0 op=3 SRCH base=sambaDomainName=AMBLIVRE.COM,dc=amblivre,dc=com scope=0 deref=0 filter=(objectClass=*) conn=0 op=3 SRCH attr=sambaPwdHistoryLength conn=0 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=0 op=4 SRCH base=sambaDomainName=AMBLIVRE.COM,dc=amblivre,dc=com scope=0 deref=0 filter=(objectClass=*) conn=0 op=4 SRCH attr=sambaMaxPwdAge conn=0 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=0 op=5 SRCH base=ou=Groups,dc=amblivre,dc=com scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(gidNumber=0)) conn=0 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass conn=0 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=0 op=6 SRCH base=ou=Groups,dc=amblivre,dc=com scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(gidNumber=0)) conn=0 op=6 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass conn=0 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=0 op=7 SRCH base=ou=Groups,dc=amblivre,dc=com scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(gidNumber=1)) conn=0 op=7 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass conn=0 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=0 op=8 SRCH base=ou=Groups,dc=amblivre,dc=com scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(gidNumber=2)) conn=0 op=8 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass conn=0 op=8 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=0 op=9 SRCH base=ou=Groups,dc=amblivre,dc=com scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(gidNumber=3)) conn=0 op=9 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass conn=0 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=0 op=10 SRCH base=ou=Groups,dc=amblivre,dc=com scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(gidNumber=4)) conn=0 op=10 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass conn=0 op=11 SRCH base=ou=Groups,dc=amblivre,dc=com scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(gidNumber=6)) conn=0 op=11 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass conn=0 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=0 op=12 SRCH base=ou=Groups,dc=amblivre,dc=com scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(gidNumber=10)) conn=0 op=12 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass conn=0 op=12 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=0 op=13 SRCH base=ou=Groups,dc=amblivre,dc=com scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545)) conn=0 op=13 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass conn=0 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=0 op=14 SRCH base=ou=Groups,dc=amblivre,dc=com scope=2 deref=0
[Samba] samab unable to contact ldap or something else
Dear all I am trying to configure samba+ldap on our rhel 5.2 server. samba version is 3.0.33-3.14.el5 and openldap version is openldap-2.3.43 . My samba configuration is #=== Global Settings === [global] workgroup = abp server string = abpdel1 netbios name = abp security = user passdb backend = ldapsam:ldap://127.0.0.1 ldap suffix = dc=abp=,dc=del ldap machine suffix = ou=Computers,dc=abp,dc=del ldap user suffix = ou=People,dc=abp,dc=del ldap group suffix = ou=Group,dc=abp,dc=del ldap admin dn= cn=Manager,dc=abp,dc=del domain master = yes domain logons = yes add user script = /usr/sbin/smbldap-useradd %u add group script = /usr/sbin/smbldap-groupadd %g add machine script = /usr/sbin/smbldap-useradd -w %u delete user script = /usr/sbin/smbldap-userdel %u delete group script = /usr/sbin/smbldap-groupdel %g local master = yes os level = 65 preferred master = yes # Share Definitions == [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes writable = no share modes = no = My ldap configuration is ok because i tested ldap separately but my samba service die automatically by generationg following error messages in /var/log/samba/smb.log lib/smbldap_util.c:smbldap_search_domain_info(263) smbldap_search_domain_info: Problem during LDAPsearch: Time limit exceeded lib/smbldap_util.c:smbldap_search_domain_info(264) smbldap_search_domain_info: Query was: dc=abp=,dc=del, ((objectClass=sambaDomain)(sambaDomainName=ABP)) passdb/pdb_ldap.c:pdb_init_ldapsam(5667) pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs services/services_db.c:svcctl_init_keys(420) svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED) abpdel1 smbd[3664]: [2009/10/22 15:43:23, 0] smbd/server.c:main abpdel1 smbd[3664]: ERROR: failed to setup guest info. Any suggestions in this regard will greatly appreciated Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Desiring to set up Windows Vista and Linux Fedora Core 4
Hi Michael! Thank you again for your very fast reply! I just tonight had a chance to look over Samba again, and consider the wonderful help you have in this email. On Sat, Oct 10, 2009 at 03:45:17PM +0200, Michael Wood wrote: Here is my current smb.conf file: # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2009/10/03 00:37:16 # Global parameters [global] server string = Windows in Linux - VMware interfaces = eth0, vmnet1, vmnet8 I see you are restricting Samba to the above interfaces. Which interface is your Windows machine plugged into? Your hosts allow line leads me to suspect you might have another ethernet interface in the machine (unless the other 192.168.x.y network is allocated to VMware.) The Windows box is plugged into my D-Link router, as it has one network interface connection and I also access the Internet with it. The D-Link EBR-2310 router is IP 192.168.1.1. The Linux eth0 port is IP 192.168.2.1. It is actually plugged into the second port of another D-Link device, a Gigabit switch (a DGS-2205). Also plugged into the switch is port qfe1 (of a 4-port Ethernet card I have in a Sun Ultra 30), with the address of 192.168.2.2. Port qfe0 of the Sun 4-port Ethernet card is 192.168.1.201, and it is attached to the EBR-2310 router. (The switch is used to be able to allow the Linux as well as the Sun to control my ESP-16 MI [serial port hub, 16 serial connections]. A few of the serial connections are terminals, so they can actually be controlled by the Sun as well as the Linux. Actually, at the moment, everything else that is attached to serial connections [weather station, mailing label printer, speech synthesizer, UPS, X10 power controller, etc.] I really only have the programming at the moment to control these things on the Linux system.) The Sun is the router. It also takes the Linux 192.168.2 connection and routes it to/from the 192.168.1, the cable modem and Internet. (And, the Sun is my mail host.) Again, the Windows computer is on the router, and that is how it is connected to the Linux. (And, I have a 4-camera DVR attached to the router, and DDNS set up to allow a URL to be used to look at the cameras when I'm at work. Helps me check on things on an occasional day when I know my mother is going to be out.) Actually, I'm not really using the VMWare right now at all. The two vmnet interfaces allowed the connection to that, though. (I added eth0 for the Windows Vista computer.) guest account = barry username map = /etc/samba/smbusers log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap preferred master = Yes dns proxy = No idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 guest ok = Yes hosts allow = 192.168.1. 192.168.2. 127. cups options = raw Are you using cups? The printcap name above leads me to believe you are not using cups. Yes. :-) Who knows... when I first set up my FC4 Linux system, I wasn't using cups, but I installed it soon afterward. That may have been leftover from then, but it was working! :-) [homes] comment = Home Directories read only = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [HostFS] comment = VMware host filesystem path = / read only = No [barry] path = /home/barry valid users = barry read only = No This should not really be necessary because of the [homes] section above, but should not cause any trouble either. Okay... [HP9110] comment = Hewlett-Packard OfficeJet 9110 path = /var/spool/samba read only = No printable = Yes printer name = HP9110 oplocks = No share modes = No Your [printers] section should automatically set up a share for any printers defined in your /etc/printcap file. So this should also not be necessary. Okay... if I seem to get some sort of Samba connection between the Windows and Linux boxes, but have other trouble, I'll keep this in mind. service smb restart in my root window: [...] On the Windows computer, I clicked Start and then Network. I double-clicked OFFICE-WINDOWS. I double-clicked Add a Printer. Then an Add a printer came up near the top of my explorer, after Organize and Views. Clicking Add a printer, I choose Add a network, wireless or Bluetooth printer in the dialog box that comes up. (Add a local printer is the only other choice here.) Yes, Network printer is the correct option. It says Searching for available printers... After a
Build status as of Fri Oct 23 06:00:04 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-10-22 00:00:05.0 -0600 +++ /home/build/master/cache/broken_results.txt 2009-10-23 00:00:05.0 -0600 @@ -1,19 +1,19 @@ -Build status as of Thu Oct 22 06:00:04 2009 +Build status as of Fri Oct 23 06:00:04 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 5 1 0 +ccache 3 1 0 distcc 0 0 0 ldb 26 26 0 libreplace 1 1 0 lorikeet 0 0 0 pidl 1 1 0 -ppp 2 0 0 +ppp 0 0 0 rsync26 9 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 0 0 0 +samba_3_current 20 19 0 samba_3_master 23 22 0 samba_3_next 23 22 0 samba_4_0_test 24 24 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b9a3f1d... s3: Fix crash in pam_winbind, another reference to freed memory. from 3050f83... s4-python: we need to include Python.h first http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b9a3f1dd85d168c15df846dba525f4f882d1acf8 Author: Bo Yang boy...@samba.org Date: Sat Oct 24 09:20:00 2009 +0800 s3: Fix crash in pam_winbind, another reference to freed memory. Signed-off-by: Bo Yang boy...@samba.org --- Summary of changes: nsswitch/pam_winbind.c | 10 +++--- 1 files changed, 7 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index a2d3729..93df55d 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -1788,7 +1788,7 @@ static int winbind_auth_request(struct pwb_context *ctx, if (logon.blobs) { wbcFreeMemory(logon.blobs); } - if (info info-blobs) { + if (info info-blobs !p_info) { wbcFreeMemory(info-blobs); } if (error !p_error) { @@ -3141,10 +3141,14 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, free(username_ret); } - wbcFreeMemory(info); - wbcFreeMemory(policy); } + if (info info-blobs) { + wbcFreeMemory(info-blobs); + } + wbcFreeMemory(info); + wbcFreeMemory(policy); + goto out; } } else { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via b46f0a7... s3: Fix crash in pam_winbind, another reference to freed memory. from 2b02c97... Simplify the logic. Jeremy. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit b46f0a7bda7101517435ef612c68e81976d15102 Author: Bo Yang boy...@samba.org Date: Sat Oct 24 09:20:00 2009 +0800 s3: Fix crash in pam_winbind, another reference to freed memory. Signed-off-by: Bo Yang boy...@samba.org (cherry picked from commit b9a3f1dd85d168c15df846dba525f4f882d1acf8) --- Summary of changes: nsswitch/pam_winbind.c | 10 +++--- 1 files changed, 7 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index 0eb24a2..7694251 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -1788,7 +1788,7 @@ static int winbind_auth_request(struct pwb_context *ctx, if (logon.blobs) { wbcFreeMemory(logon.blobs); } - if (info info-blobs) { + if (info info-blobs !p_info) { wbcFreeMemory(info-blobs); } if (error !p_error) { @@ -3141,10 +3141,14 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, free(username_ret); } - wbcFreeMemory(info); - wbcFreeMemory(policy); } + if (info info-blobs) { + wbcFreeMemory(info-blobs); + } + wbcFreeMemory(info); + wbcFreeMemory(policy); + goto out; } } else { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4f8826f... ldb python bindungs - better use the enum ldb_scope for the search scope rather than int from b9a3f1d... s3: Fix crash in pam_winbind, another reference to freed memory. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4f8826ff7f4789c5b5f363b733a42053f72aa526 Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Fri Oct 23 14:26:41 2009 +0200 ldb python bindungs - better use the enum ldb_scope for the search scope rather than int --- Summary of changes: source4/lib/ldb/pyldb.c |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/ldb/pyldb.c b/source4/lib/ldb/pyldb.c index d4a369c..136cd47 100644 --- a/source4/lib/ldb/pyldb.c +++ b/source4/lib/ldb/pyldb.c @@ -1006,7 +1006,7 @@ static PyObject *py_ldb_schema_format_value(PyLdbObject *self, PyObject *args) static PyObject *py_ldb_search(PyLdbObject *self, PyObject *args, PyObject *kwargs) { PyObject *py_base = Py_None; - int scope = LDB_SCOPE_DEFAULT; + enum ldb_scope scope = LDB_SCOPE_DEFAULT; char *expr = NULL; PyObject *py_attrs = Py_None; PyObject *py_controls = Py_None; @@ -1348,7 +1348,8 @@ static PyObject *py_ldb_module_del_transaction(PyLdbModuleObject *self) static PyObject *py_ldb_module_search(PyLdbModuleObject *self, PyObject *args, PyObject *kwargs) { PyObject *py_base, *py_tree, *py_attrs, *py_ret; - int ret, scope; + int ret; + enum ldb_scope scope; struct ldb_request *req; const char * const kwnames[] = { base, scope, tree, attrs, NULL }; struct ldb_module *mod; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3b62e25... tdb: rename 'struct list_struct' into 'struct tdb_record' from 4f8826f... ldb python bindungs - better use the enum ldb_scope for the search scope rather than int http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3b62e250c066f44d0ab08a7db037b6b4f74a914b Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 23 13:51:03 2009 +0200 tdb: rename 'struct list_struct' into 'struct tdb_record' metze --- Summary of changes: lib/tdb/common/check.c |8 lib/tdb/common/dump.c |4 ++-- lib/tdb/common/freelist.c | 18 +- lib/tdb/common/freelistcheck.c |2 +- lib/tdb/common/io.c|8 lib/tdb/common/tdb.c | 30 +++--- lib/tdb/common/tdb_private.h | 18 +- lib/tdb/common/transaction.c | 12 ++-- lib/tdb/common/traverse.c |8 9 files changed, 54 insertions(+), 54 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tdb/common/check.c b/lib/tdb/common/check.c index 94240bb..4924734 100644 --- a/lib/tdb/common/check.c +++ b/lib/tdb/common/check.c @@ -63,7 +63,7 @@ corrupt: /* Generic record header check. */ static bool tdb_check_record(struct tdb_context *tdb, tdb_off_t off, -const struct list_struct *rec) +const struct tdb_record *rec) { tdb_off_t tailer; @@ -228,7 +228,7 @@ static void record_offset(unsigned char bits[], tdb_off_t off) /* Check that an in-use record is valid. */ static bool tdb_check_used_record(struct tdb_context *tdb, tdb_off_t off, - const struct list_struct *rec, + const struct tdb_record *rec, unsigned char **hashes, int (*check)(TDB_DATA, TDB_DATA, void *), void *private_data) @@ -287,7 +287,7 @@ fail_put_key: /* Check that an unused record is valid. */ static bool tdb_check_free_record(struct tdb_context *tdb, tdb_off_t off, - const struct list_struct *rec, + const struct tdb_record *rec, unsigned char **hashes) { if (!tdb_check_record(tdb, off, rec)) @@ -308,7 +308,7 @@ int tdb_check(struct tdb_context *tdb, unsigned int h; unsigned char **hashes; tdb_off_t off, recovery_start; - struct list_struct rec; + struct tdb_record rec; bool found_recovery = false; if (tdb_lockall(tdb) == -1) diff --git a/lib/tdb/common/dump.c b/lib/tdb/common/dump.c index d1c902d..bdcbfab 100644 --- a/lib/tdb/common/dump.c +++ b/lib/tdb/common/dump.c @@ -30,7 +30,7 @@ static tdb_off_t tdb_dump_record(struct tdb_context *tdb, int hash, tdb_off_t offset) { - struct list_struct rec; + struct tdb_record rec; tdb_off_t tailer_ofs, tailer; if (tdb-methods-tdb_read(tdb, offset, (char *)rec, @@ -95,7 +95,7 @@ int tdb_printfreelist(struct tdb_context *tdb) int ret; long total_free = 0; tdb_off_t offset, rec_ptr; - struct list_struct rec; + struct tdb_record rec; if ((ret = tdb_lock(tdb, -1, F_WRLCK)) != 0) return ret; diff --git a/lib/tdb/common/freelist.c b/lib/tdb/common/freelist.c index dedf78c..8113b54 100644 --- a/lib/tdb/common/freelist.c +++ b/lib/tdb/common/freelist.c @@ -34,7 +34,7 @@ #define USE_RIGHT_MERGES 0 /* read a freelist record and check for simple errors */ -int tdb_rec_free_read(struct tdb_context *tdb, tdb_off_t off, struct list_struct *rec) +int tdb_rec_free_read(struct tdb_context *tdb, tdb_off_t off, struct tdb_record *rec) { if (tdb-methods-tdb_read(tdb, off, rec, sizeof(*rec),DOCONV()) == -1) return -1; @@ -87,7 +87,7 @@ static int remove_from_freelist(struct tdb_context *tdb, tdb_off_t off, tdb_off_ /* update a record tailer (must hold allocation lock) */ static int update_tailer(struct tdb_context *tdb, tdb_off_t offset, -const struct list_struct *rec) +const struct tdb_record *rec) { tdb_off_t totalsize; @@ -99,7 +99,7 @@ static int update_tailer(struct tdb_context *tdb, tdb_off_t offset, /* Add an element into the freelist. Merge adjacent records if neccessary. */ -int tdb_free(struct tdb_context *tdb, tdb_off_t offset, struct list_struct *rec) +int tdb_free(struct tdb_context *tdb, tdb_off_t offset, struct tdb_record *rec) { /* Allocation and tailer lock */
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via dcdec16... util: fixed place where we could look one byte past end of string from b46f0a7... s3: Fix crash in pam_winbind, another reference to freed memory. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit dcdec1663c1bba90ebe59abed0d0f70772f0eb64 Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 11:03:27 2009 +1100 util: fixed place where we could look one byte past end of string We need to check the length before the value --- Summary of changes: lib/util/charset/util_unistr.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c index 024dc70..045aa4a 100644 --- a/lib/util/charset/util_unistr.c +++ b/lib/util/charset/util_unistr.c @@ -483,7 +483,7 @@ _PUBLIC_ char *strupper_talloc_n(TALLOC_CTX *ctx, const char *src, size_t n) return NULL; } - while (*src n--) { + while (n-- *src) { size_t c_size; codepoint_t c = next_codepoint_convenience(iconv_convenience, src, c_size); src += c_size; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via d8d28f7... s4-torture: fixed double free in libnet_group test from dcdec16... util: fixed place where we could look one byte past end of string http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit d8d28f74aabce7c02c25c2c1543ebea0355d68a8 Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 18:45:43 2009 +1100 s4-torture: fixed double free in libnet_group test --- Summary of changes: source4/torture/libnet/libnet_group.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/libnet/libnet_group.c b/source4/torture/libnet/libnet_group.c index c7fdfbd..a98ecd1 100644 --- a/source4/torture/libnet/libnet_group.c +++ b/source4/torture/libnet/libnet_group.c @@ -273,7 +273,6 @@ bool torture_groupinfo_api(struct torture_context *torture) if (!NT_STATUS_IS_OK(status)) { printf(libnet_GroupInfo call failed: %s\n, nt_errstr(status)); ret = false; - talloc_free(mem_ctx); goto done; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via e692241... Fix bug 6802 - A created folder does not properly inherit permissions from parent. from d8d28f7... s4-torture: fixed double free in libnet_group test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit e6922418846b7ffc42d8d6db4c5a08385dd365fe Author: Barry Sabsevitz barry_sabsev...@hp.com Date: Fri Oct 23 11:50:29 2009 -0700 Fix bug 6802 - A created folder does not properly inherit permissions from parent. --- Summary of changes: source3/modules/vfs_acl_common.c | 42 ++--- 1 files changed, 38 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 39fd2ad..a12f105 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -279,7 +279,8 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, */ static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx, - SMB_STRUCT_STAT *psbuf) + SMB_STRUCT_STAT *psbuf, + bool force_inherit) { struct dom_sid owner_sid, group_sid; size_t sd_size; @@ -294,10 +295,22 @@ static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx, return NULL; } + /* If force_inherit is set, this means we are initializing the ACEs for +* a container and we want the ACEs for owner_sid and SYSTEM to be +* inheritable by their children (See Bug #6802). +*/ + init_sec_ace(pace[0], owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, - SEC_RIGHTS_FILE_ALL, 0); + SEC_RIGHTS_FILE_ALL, (force_inherit ? + (SEC_ACE_FLAG_OBJECT_INHERIT| + SEC_ACE_FLAG_CONTAINER_INHERIT) : + 0)); + init_sec_ace(pace[1], global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, - SEC_RIGHTS_FILE_ALL, 0); + SEC_RIGHTS_FILE_ALL, (force_inherit ? + (SEC_ACE_FLAG_OBJECT_INHERIT| + SEC_ACE_FLAG_CONTAINER_INHERIT) : + 0)); pacl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, @@ -332,6 +345,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, DATA_BLOB blob; size_t size; char *parent_name; + bool force_inherit = false; uint8_t hash[XATTR_SD_HASH_SIZE]; if (!parent_dirname(ctx, smb_fname-base_name, parent_name, NULL)) { @@ -400,7 +414,27 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, return status; } - psd = default_file_sd(ctx, smb_fname-st); + /* If we get here, we could have the following possibilities: +* 1. No ACLs exist on the parent container. +* 2. ACLs exist on the parent container but they were +* not inheritable. +* +* Check to see if case #1 occurred. +* +*/ + if (container + (parent_desc == NULL || parent_desc-dacl == NULL)) { + + /* If no parent descriptor exists, then there were +* no ACLs on the parent and then we must create +* the ACLs on this newly created folder so that they +* will be inherited by their children (See Bug #6802). +*/ + + force_inherit = true; + } + + psd = default_file_sd(ctx, smb_fname-st, force_inherit); if (!psd) { return NT_STATUS_NO_MEMORY; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3054fe4... Fix bug 6802 - A created folder does not properly inherit permissions from parent. from 3b62e25... tdb: rename 'struct list_struct' into 'struct tdb_record' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3054fe46d9ae970c4bd3bac306bfe664fc5a34ff Author: Barry Sabsevitz barry_sabsev...@hp.com Date: Fri Oct 23 11:50:29 2009 -0700 Fix bug 6802 - A created folder does not properly inherit permissions from parent. --- Summary of changes: source3/modules/vfs_acl_common.c | 42 ++--- 1 files changed, 38 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 39fd2ad..a12f105 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -279,7 +279,8 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, */ static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx, - SMB_STRUCT_STAT *psbuf) + SMB_STRUCT_STAT *psbuf, + bool force_inherit) { struct dom_sid owner_sid, group_sid; size_t sd_size; @@ -294,10 +295,22 @@ static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx, return NULL; } + /* If force_inherit is set, this means we are initializing the ACEs for +* a container and we want the ACEs for owner_sid and SYSTEM to be +* inheritable by their children (See Bug #6802). +*/ + init_sec_ace(pace[0], owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, - SEC_RIGHTS_FILE_ALL, 0); + SEC_RIGHTS_FILE_ALL, (force_inherit ? + (SEC_ACE_FLAG_OBJECT_INHERIT| + SEC_ACE_FLAG_CONTAINER_INHERIT) : + 0)); + init_sec_ace(pace[1], global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, - SEC_RIGHTS_FILE_ALL, 0); + SEC_RIGHTS_FILE_ALL, (force_inherit ? + (SEC_ACE_FLAG_OBJECT_INHERIT| + SEC_ACE_FLAG_CONTAINER_INHERIT) : + 0)); pacl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, @@ -332,6 +345,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, DATA_BLOB blob; size_t size; char *parent_name; + bool force_inherit = false; uint8_t hash[XATTR_SD_HASH_SIZE]; if (!parent_dirname(ctx, smb_fname-base_name, parent_name, NULL)) { @@ -400,7 +414,27 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, return status; } - psd = default_file_sd(ctx, smb_fname-st); + /* If we get here, we could have the following possibilities: +* 1. No ACLs exist on the parent container. +* 2. ACLs exist on the parent container but they were +* not inheritable. +* +* Check to see if case #1 occurred. +* +*/ + if (container + (parent_desc == NULL || parent_desc-dacl == NULL)) { + + /* If no parent descriptor exists, then there were +* no ACLs on the parent and then we must create +* the ACLs on this newly created folder so that they +* will be inherited by their children (See Bug #6802). +*/ + + force_inherit = true; + } + + psd = default_file_sd(ctx, smb_fname-st, force_inherit); if (!psd) { return NT_STATUS_NO_MEMORY; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 129cd3b... s3:Makefile: add some explicit dependencies to libc from e692241... Fix bug 6802 - A created folder does not properly inherit permissions from parent. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 129cd3b703f53f21102edbc480f03e2af7fe8a58 Author: Björn Jacke b...@sernet.de Date: Fri Oct 23 12:07:08 2009 -0700 s3:Makefile: add some explicit dependencies to libc Add libc as explicit dependency where we use -z defs linker flags. This is to silence the Sun linker. Otherwise it whines: malloc ... (symbol belongs to implicit dependency /lib/libc.so.1) --- Summary of changes: source3/Makefile.in |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index af0f53a..35c8b82 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -45,11 +45,11 @@ CPPFLAGS=-DHAVE_CONFIG_H @CPPFLAGS@ exee...@exeext@ a...@ar@ -ldshfla...@ldshflags@ @RELRO_LDFLAGS@ @LDFLAGS@ @LDSHFLAGS_Z_DEFS@ +ldshfla...@ldshflags@ @RELRO_LDFLAGS@ @LDFLAGS@ -lc @LDSHFLAGS_Z_DEFS@ ldpluginfla...@ldshflags@ @RELRO_LDFLAGS@ @LDFLAGS@ @LDSHFLAGS_Z_NODEFS@ ldfla...@pie_ldflags@ @RELRO_LDFLAGS@ @LDFLAGS@ -winbind_nss_ldshfla...@winbind_nss_ldshflags@ @LDFLAGS@ @LDSHFLAGS_Z_DEFS@ +winbind_nss_ldshfla...@winbind_nss_ldshflags@ @LDFLAGS@ -lc @LDSHFLAGS_Z_DEFS@ a...@awk@ picfl...@picflag@ dyne...@dynexp@ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 1f3ea87... tdb: rename 'struct list_struct' into 'struct tdb_record' via d94a4d4... lib/tdb: make tdbtool use tdb_check() for check command via 2e6f7df... lib/tdb: add tdb_check() via 12da055... lib/tdb: add -t (always use transactions) option to tdbtorture via 2b13c21... lib/tdb: wean off TDB_ERRCODE. via 9797336... lib/tdb: TDB_TRACE support (for developers) from 129cd3b... s3:Makefile: add some explicit dependencies to libc http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 1f3ea8778ae8ef7daccaf3f1950637d19c98 Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 23 13:51:03 2009 +0200 tdb: rename 'struct list_struct' into 'struct tdb_record' metze commit d94a4d44ea644c82925c5901af491a35f0ba611d Author: Rusty Russell ru...@rustcorp.com.au Date: Thu Oct 22 00:11:34 2009 +1030 lib/tdb: make tdbtool use tdb_check() for check command Also, set logging function so we get more informative messages. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 2e6f7dfa793e0a5c46397dc18f65974c77a73b23 Author: Rusty Russell ru...@rustcorp.com.au Date: Thu Oct 22 00:10:34 2009 +1030 lib/tdb: add tdb_check() ctdb wants a quick way to detect corrupt tdbs; particularly, tdbs with loops in their hash chains. tdb_check() provides this. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 12da0557bc3346972d65eaf05a0c80ce0884c4e0 Author: Rusty Russell ru...@rustcorp.com.au Date: Thu Oct 22 00:10:54 2009 +1030 lib/tdb: add -t (always use transactions) option to tdbtorture This means you can kill it at any time and expect no corruption. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 2b13c2108f8b746dbe866fc14dd5e6045b0d12ea Author: Rusty Russell ru...@rustcorp.com.au Date: Thu Oct 22 00:09:43 2009 +1030 lib/tdb: wean off TDB_ERRCODE. It was a regrettable hack which I used to reduce line count in tdb; in fact it caused confusion as can be seen in this patch. In particular, ecode now needs to be set before TDB_LOG anyway, and having it exposed in the header is useless (the struct tdb_context isn't defined, so it's doubly useless). Also, we should never set errno, as io.c was doing. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 97973362b405e365b9249d95da02ebf3465bb4e1 Author: Rusty Russell ru...@rustcorp.com.au Date: Tue Oct 20 12:19:41 2009 +1030 lib/tdb: TDB_TRACE support (for developers) When TDB_TRACE is defined (in tdb_private.h), verbose tracing of tdb operations is enabled. This can be replayed using replay_trace from http://ccan.ozlabs.org/info/tdb. The majority of this patch comes from moving internal functions to _funcname to avoid double-tracing. There should be no additional overhead for the normal (!TDB_TRACE) case. Note that the verbose traces compress really well with rzip. Signed-off-by: Rusty Russell ru...@rustcorp.com.au --- Summary of changes: lib/tdb/common/check.c | 422 lib/tdb/common/dump.c |4 +- lib/tdb/common/freelist.c | 23 ++- lib/tdb/common/freelistcheck.c |8 +- lib/tdb/common/io.c| 43 +++-- lib/tdb/common/lock.c | 64 +-- lib/tdb/common/open.c | 37 +++- lib/tdb/common/tdb.c | 271 ++ lib/tdb/common/tdb_private.h | 54 +- lib/tdb/common/transaction.c | 70 --- lib/tdb/common/traverse.c | 34 +++- lib/tdb/config.mk |2 +- lib/tdb/configure.ac |2 +- lib/tdb/docs/README| 11 + lib/tdb/docs/tracing.txt | 46 + lib/tdb/include/tdb.h |5 +- lib/tdb/libtdb.m4 |2 +- lib/tdb/tdb.exports|1 + lib/tdb/tdb.signatures |1 + lib/tdb/tools/tdbtool.c| 44 +++-- lib/tdb/tools/tdbtorture.c | 41 +++-- source4/min_versions.m4|2 +- 22 files changed, 1012 insertions(+), 175 deletions(-) create mode 100644 lib/tdb/common/check.c create mode 100644 lib/tdb/docs/tracing.txt Changeset truncated at 500 lines: diff --git a/lib/tdb/common/check.c b/lib/tdb/common/check.c new file mode 100644 index 000..4924734 --- /dev/null +++ b/lib/tdb/common/check.c @@ -0,0 +1,422 @@ + /* + Unix SMB/CIFS implementation. + + trivial database library + + Copyright (C) Rusty Russell2009 + + ** NOTE! The following LGPL license applies to the tdb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify